I have just recently sent this new Zimbra 8.0.3 server. I have only ONE domain setup right now so that I can get everything configured the way I want and then I'm going to start migrating accounts to this server.

I would like to configure the opendkim which is bundled with Zimbra 8 so I was following the instructions in the wiki but for some reason when I'm running the dig command there is ANSWER: 0.

I assume that these DNS entries should be made in the DNS server that is managing ZIMBRA. Is that correct?? The domain that I am configuring in Zimbra is actually controlled by my sharedhosting server and just the MX record is pointing to the ZIMBRA server. I have added the previously mentioned DNS entries to my records file in bind. I'm useing Webmin to configure BIND so I'm not sure which one was right, so I put them both there. That is the actual records file though.

Could someone please help me get this going?

05-31-2013, 11:28 PM

phoenix

Quote:

Originally Posted by jim.thornton

I would like to configure the opendkim which is bundled with Zimbra 8 so I was following the instructions in the wiki but for some reason when I'm running the dig command there is ANSWER: 0.

Then you've either made a mistake with the record or you've not added them to the correct DNS server.

Quote:

Originally Posted by jim.thornton

I assume that these DNS entries should be made in the DNS server that is managing ZIMBRA. Is that correct??

I don't really understand what you mean by that statement, there is no DNS server "managing Zimbra". If you haven't added these DKIM records to your public DNS server how would you expect any other mail server to verify your DKIM 'authenticity'?

06-01-2013, 05:44 AM

jim.thornton

Quote:

I don't really understand what you mean by that statement, there is no DNS server "managing Zimbra". If you haven't added these DKIM records to your public DNS server how would you expect any other mail server to verify your DKIM 'authenticity'?

I did enter them into a public DNS server, but I have 2 DNS servers that are involved with this domain. Here's how it is setup:

Domain: extra6.com
Domain Registrar: The nameservers for this domain are pointing to SERVER 1.
SERVER 1: Sharedhosting w/ Public DNS. All the DNS records for this domain are managed on this DNS server. www.*, mail.*, ftp.*, mx, etc.

SERVER 2: Zimbra Install with Public DNS.
Domain: mail-svr.com
Domain Registrar: The nameservers for this domain are pointing to SERVER 2.
SERVER 2: Zimbra install w/ Public DNS. This DNS server contains the records for mail-svr.com including the NS, mail and mx records.

So when I say "the server that is managing ZIMBRA", I am referring to SERVER 2.

I copy and pasted the text outputted after generating the keys and put it directly in the records file for my master zone of the DNS on SERVER 2. Is that what I'm suppose to do?

I guess what I need to know... When verifying DKIM, does the receiving server verify with the extra6.com domain, or does it follow back to the server email-svr.com where the email originated?

06-01-2013, 07:34 AM

phoenix

According to a 'dig' for your domain these are your DNS servers:

Code:

ns1.extra6.com. 14400 IN A 67.214.181.213
ns2.extra6.com. 14400 IN A 67.214.181.214

Neither of those returns any information for your DKIM records, you need to investigate why.

06-01-2013, 04:12 PM

jim.thornton

Okay, that's what I'm asking. Whether I'm suppose to put it in the DNS server for my domain (extra6.com) or the DNS server for my mail server.

I take it from your response it needs to go in the DNS server for the domain itself. I will try that and see how it works.

06-01-2013, 06:40 PM

quanah

The first part of the "D" in DKIM stands for "Domain". It has to do with the DOMAIN that is being signed. So clearly, any DKIM keys need to be associated with the DOMAIN you want signing for.

06-01-2013, 08:46 PM

jim.thornton

Okay... I entered the DKIM signature into the DNS and dig is showing it when you enter the selector along with ._domainkey.extra6.com

How do I know that it is working correctly? I sent and email to another email box and I viewed the headers and I can see the DKIM key in the header.

In general and after personal issue with the opendkim service, Discovered that the opendkim service is running to check the DNS records, Hostname & FQDN.

Issue:
After upgrade i have a problem with the opendkim service (opendkim Stopping).

Solution:
1- You have to check the NAT on the Firewall.
2- You have to check the /etc/hosts file.
3- You have to check the /etc/resolv.conf file.
4- You have to check the A and MX records in your Internal DNS.
5- You have to check the MX record that reserve in your ISP DNS.

After That try as a zimbra user to run #zmopendkimctl start , it should be working fine after that.